...The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time...

...It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity...

...The interface is simple and clean, and the service does not require any more information from its users than an email address to deliver the results, the network’s ESSID, and a network traffic capture that includes the encrypted WPA handshake. Payment information is handled by Amazon...

Dictionary attacks work on the assumption (if I'm not mistaken) that the passphrase is a word or combination of words with maybe a few variations like putting a "1" on the end. Such words are used so the passphrases are easy to remember.

But when setting up WPA wireless, you don't have to remember the password - the computer does that for you. So why would you use dictionary words for your WPA passphrase? Why not a long, random collection of gibberish characters that can't be found in any dictionary?

Ideally, yes; you would choose something that's essentially gibberish, so it isn't easily guessed. But lots of people are lazy, or just plain apathetic, and create a fantastically easy to guess (remember, they would say) password and so you have dictionary based attacks.

For example, you wouldn't believe how many Windows machines I've seen whose administrative passwords were "Administrator" or "123456."
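As an added example (not code from this thread or from the service quoted above), the following shows two things the discussion turns on: how WPA2-PSK derives the key from the passphrase, with the SSID as the PBKDF2 salt (which is why the service asks for the ESSID alongside the capture), and how much larger the keyspace of a random printable-ASCII passphrase is than the 135- and 284-million-word lists mentioned. The `"password"`/`"IEEE"` pair is the published IEEE 802.11 test vector; the wordlist sizes are taken from the article excerpt.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2 passphrases are 8 to 63 printable ASCII characters (95 symbols).
PASSPHRASE_ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
MIN_LEN, MAX_LEN = 8, 63

# Wordlist sizes quoted in the article excerpt above (standard + extended list).
STANDARD_WORDLIST = 135_000_000
EXTENDED_WORDLIST = STANDARD_WORDLIST + 284_000_000


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2 pre-shared key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 256-bit output.
    Because the SSID salts the derivation, a precomputed dictionary is only useful per
    SSID, so a cracking service needs the ESSID as well as the captured handshake."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def random_passphrase(length: int = MAX_LEN) -> str:
    """Generate a passphrase from a CSPRNG; nothing here is a dictionary word."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random passphrase of this length over the 95-symbol set."""
    return length * math.log2(len(PASSPHRASE_ALPHABET))


def wordlist_coverage(wordlist_size: int, length: int) -> float:
    """Fraction of the random keyspace of the given length that a wordlist can cover.
    For an 8-character random passphrase this is already below one in ten million."""
    return wordlist_size / (len(PASSPHRASE_ALPHABET) ** length)


if __name__ == "__main__":
    print("PSK for IEEE test vector:", derive_psk("password", "IEEE").hex())
    pw = random_passphrase(20)
    print(f"random 20-char passphrase: {pw!r} ({entropy_bits(20):.0f} bits)")
    print("extended-list coverage of 8-char keyspace:",
          f"{wordlist_coverage(EXTENDED_WORDLIST, 8):.2e}")
```

Note that the 4096-round PBKDF2 is what makes each guess cost roughly 8192 HMAC-SHA1 operations, which is the work the cloud service is selling; it does nothing against a passphrase that is in the wordlist.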

When setting up my new D-Link DIR-615 wireless router, so that the new Sony TV could connect to the network, and get on the web...
The Sony rep. advised me to use a WEP64 key [5 characters only] rather than the WPA2-PSK setup I'd chosen.

I'm pretty clueless about such things, but believe that WEP64 isn't as good as WPA2-PSK.

Probably, part of the problem is that Windows idiotically does not let you see the WPA password you set. I don't know how many times I helped folks get on my wireless network by booting Puppy to find the password I had set for it, while looking on the Windows machines on the same network was pointless.

So if Windows does not let you see the password you set, people compensate by using simple, word-based passwords that they can remember and that are vulnerable to dictionary attacks.

That's one thing I've always thought to be funny about Windows. Why do they feel the need to hide everything 20 layers deep in an unreadable directory hierarchy and take away as much of the end-user's ability to configure things as they can? I suppose Microsoft knows what the end-user wants, not the end-user.

What do you do if the administrator chooses an unguessable password and then gets run over by a bus? Or, perhaps even worse, gets fired?

You reset the router. They usually have one of those little buttons in the back that you need a pen to reach.

But if it's a situation where it is a very large complicated network and resetting would be a major problem, you would probably have two trustworthy administrators with the password to provide redundancy. That or it would be written down and stored in a secure location that another trustworthy (but perhaps not technically inclined) person would have the key to, so that they could give the password to the admin's successor.

But the above is more relevant to things like the router password, since anybody connecting to the network needs to know the network password/key (though with WPA I believe you can set it up so that different people have different keys, so that you can revoke a person's access without having to make everybody else redo their connection info).

As for Windows hiding wireless keys, you can probably find them in the registry if you know where to look (fire up regedit and try using the "find" feature, searching for the SSID). I've done this before on Windows 2000, and I assume XP is the same. No idea about post-XP Windows versions.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
